My application sends HTTP CONNECT requests to a HTTP proxy port 80, but
gets a squid ERR_CONFLICT_HOST error page.
Is the following code really working as the comments pointed out "ignore
them" since the following if condition is "http->request->method !=
Http::METHOD_CONNECT"
and the rest has been blocked by error page
"repContext->setReplyToError(ERR_CONFLICT_HOST, Http::scConflict,"?
Does "ignore them" mean block them?
void
ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B)
{
// IP address validation for Host: failed. Admin wants to ignore them.
// NP: we do not yet handle CONNECT tunnels well, so ignore for them
if (!Config.onoff.hostStrictVerify && http->request->method !=
Http::METHOD_CONNECT) {
debugs(85, 3, "SECURITY ALERT: Host header forgery detected on " << http->
getConn()->clientConnection <<
" (" << A << " does not match " << B << ") on URL: " << http->request->
effectiveRequestUri());
How does the squid get "hostHeaderVerifyFailed" for a normal HTTP CONNECT
request to a HTTP Proxy as simple as below?
CONNECT www.zscaler.com:80 HTTP/1.1
Host: www.zscaler.com:80
User-Agent: Windows Microsoft Windows 10 Enterprise ZTunnel/1.0
Proxy-Connection: keep-alive
Connection: keep-alive
HTTP/1.1 409 Conflict
Server: squid
Mime-Version: 1.0
Date: Tue, 22 Feb 2022 20:59:42 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 2072
X-Squid-Error: ERR_CONFLICT_HOST 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from 3
Via: 1.1 3 (squid)
Connection: keep-alive
</head><body id=ERR_CONFLICT_HOST>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>
<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a
href="www.zscaler.com:80">www.zscaler.com:80</a></p>
......
Thank you for any help on the understanding!
Paul Ling
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
